Florent Albert created OLINGO-1620:
--------------------------------------
Summary: Incorrect validation of odata.bind annotation
Key: OLINGO-1620
URL: https://issues.apache.org/jira/browse/OLINGO-1620
Project: Olingo
Issue Type: Bug
Components: odata4-server
Affects Versions: Version (Java) V4 5.0.0, (Java) V4 4.10.0, (Java) V4 4.9.0
Reporter: Florent Albert
Steps to reproduce:
* Make a POST request with a JSON body containing a bind operation. For
example:
**
{code:java}
{
"Name":"A Name",
"[email protected]":"Product(12)"
}
{code}
The JSON deserializer will consider *@odata.bind12345* as being well formed and
will pass the binding link down to the processors.
This is because the deserializer only does a partial checks (String.contains())
on the JSON field key:
[https://github.com/apache/olingo-odata4/blob/20b0d7a2c0134d00cd86ef42545bf4af9b254d32/lib/server-core/src/main/java/org/apache/olingo/server/core/deserializer/json/ODataJsonDeserializer.java#L460]
Instead, it should be an exact match.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
